Trend Micro has addressed two critical vulnerabilities in Apex One that could allow attackers to achieve remote code execution on affected Windows systems. The company released security updates and strongly urged customers to apply the patches promptly to prevent potential exploitation and protect their environments from compromise.
Trend Micro Apex One is an all-in-one advanced endpoint security solution. It provides ransomware protection, zero-day threat defense, EDR, predictive machine learning, DLP, and virtual patching via a single agent.
The first vulnerability addressed by the security firm is a Console Directory Traversal Remote Code Execution issue tracked as CVE-2025-71210 (CVSS score of 9.8).
“A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations,” reads the advisory. “For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console’s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.”
The second vulnerability fixed by the company is a Console Directory Traversal Remote Code Execution issue, tracked as CVE-2025-71211 (CVSS score of 9.8). The report states that the vulnerability is similar in scope to CVE-2025-71210 but impacts a different executable.
“A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable,” reads the report. “For this particular vulnerability, an attacker must have access to the Trend Micro Apex One Management Console, so customers that have their console’s IP address exposed externally should consider mitigating factors such as source restrictions if not already applied.”
Researchers Jacky Hsieh and Charles Yang of CoreCloud Tech reported both flaws through TrendAI’s Zero Day Initiative. The SaaS versions have already been mitigated, and no customer action is required.
Trend Micro addressed the vulnerabilities in the SaaS Apex One versions and released Critical Patch Build 14136.
The company also fixed two high-severity privilege escalation flaws in the Windows agent (CVE-2025-71212, a Scan Engine Link Following Local Privilege Escalation Vulnerability, and CVE-2025-71213, an Origin Validation Error Local Privilege Escalation Vulnerability) and four issues impacting the macOS agent.
The cybersecurity firm did not reveal if these vulnerabilities have been exploited in attacks in the wild.
(SecurityAffairs – hacking, Trend Micro)